
ldap2zone recipe specific attributes

We store our zone names on Active Directory, and use Ruby to pull
these into Chef and configure our Linux BIND servers. If you already
have Active Directory, chances are you have an authoritative data
source for zone names in LDAP and can use this recipe to query
this data, just by setting a few attributes in a role.

bind['ldap']['binddn']

The binddn username for connecting to LDAP

Default nil

bind['ldap']['bindpw']

The binddn password for connecting to LDAP

Default nil

bind['ldap']['filter']

The LDAP object filter for zone names

Defaults to dnsZone class, excluding Root DNS Servers

bind['ldap']['server']

The authoritative directory server for your domain

Defaults to nil

bind['ldap']['domainzones']

The LDAP tree where your domain zones are located

Defaults to the Active Directory zone tree for example.com.

Usage

Notes on the zonesource recipes

The databag2zone and ldap2zone recipes are optional code to fetch DNS
zones from a data bag, or from Active Directory integrated domain
controllers. If you have a proper IP address management (IPAM) solution,
you could drop in your own code to query an API on your IPAM server.

Any query should use the << operator to push its results onto the
bind['zones'] array. Drop your query code in a recipe named, for
example, query2zone.rb. Then include the API query by overriding
the bind['zonesource'] attribute, setting it to the string query.

Alternatively, you can just use an override['bind']['zones'] in
a role or environment instead. You can even mix both: override
attributes and an API query to populate zones.

Example role for internal recursing DNS

An example role for an internal split-horizon BIND server for
example.com might look like this:

Example to load zone names from data bag

If you have only a few zones, you can split these
up into individual data bag objects if you prefer.

data_bag name: bind

zone: string representation of individual zone name.

{
  "id": "example",
  "zone": "example.com"
}

If you wish to group a number of zones together, you can
use the following format to include a number of zones at once.

data_bag name: bind

zones: array representation of several zone names.

{
  "id": "example",
  "zones": [ "example.com", "example.org" ]
}
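
As an added example (not code from the cookbook), the Ruby below normalizes and validates zone names taken from data bag items in either format above before pushing them onto a zones array with <<, so malformed names from an external source never reach the BIND configuration. valid_zone?, collect_zones and the sample items are hypothetical, and a plain Hash stands in for node['bind'].

```ruby
# Added example: stand-alone Ruby, no Chef run needed. valid_zone?,
# collect_zones and SAMPLE_ITEMS are hypothetical names, not the cookbook's.

# One DNS label: 1-63 chars of letters, digits, hyphen or underscore
# (underscore for AD zones such as _msdcs), no leading or trailing hyphen.
ZONE_LABEL = /\A(?!-)[A-Za-z0-9_-]{1,63}(?<!-)\z/

# True when name is a syntactically valid zone name of at most 253 chars.
def valid_zone?(name)
  return false unless name.is_a?(String)
  name = name.chomp('.')
  return false if name.empty? || name.length > 253
  name.split('.', -1).all? { |label| ZONE_LABEL.match?(label) }
end

# Accepts data bag items in either format ("zone" string or "zones" array),
# pushes each valid, not-yet-seen name onto zones with <<, returns the rejects.
def collect_zones(items, zones)
  rejected = []
  items.each do |item|
    (Array(item['zones']) + Array(item['zone'])).each do |raw|
      name = raw.is_a?(String) ? raw.strip.downcase.chomp('.') : raw
      if valid_zone?(name)
        zones << name unless zones.include?(name)
      else
        rejected << raw
      end
    end
  end
  rejected
end

# Constructed sample items; the third is malformed (whitespace and a quote)
# and is rejected instead of being passed on to the zone list.
SAMPLE_ITEMS = [
  { 'id' => 'example', 'zone' => 'example.com' },
  { 'id' => 'group', 'zones' => ['example.com', 'Example.ORG.'] },
  { 'id' => 'bad', 'zone' => 'bad zone"name' }
].freeze

bind = { 'zones' => [] } # stands in for node['bind'] during a Chef run
rejected = collect_zones(SAMPLE_ITEMS, bind['zones'])
puts "zones:    #{bind['zones'].inspect}"
puts "rejected: #{rejected.inspect}"
```

The same check applies to names returned by an LDAP or IPAM query; rejected names are better logged than silently dropped.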

License and Author

Copyright: 2011 Eric G. Wolfe

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.